VM Ware issues two patches for critical flaws

News by Doug Olenick

VMware has issued updates to fix two security issues the company rated as critical, one of which could lead to a remote session hijacking if exploited.

VMware has issued updates to fix two security issues the company rated as critical, one of which could lead to a remote session hijacking if exploited.

The hijacking issue, CVE-2019-5523, was in VMware vCloud Director for Service Providers resolves a remote session hijack vulnerability in the Tenant and Provider Portals. The problem attacker could access the Tenant or Provider Portals by impersonating a currently logged in session.

The advisory covered multiple issues (CVE-2019-5514, CVE-2019-5515, CVE-2019-5518, CVE-2019-5519, CVE-2019-5524) in VMware vSphere ESXi, VMware Workstation Pro / Player and VMware Fusion Pro/Fusion. These contain an out-of-bounds read/write vulnerabilities and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). To exploit these flaws an attacker has to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.

In addition, VMware Fusion contains a security vulnerability caused by certain unauthenticated APIs being accessible through a web socket. This can be exploited by tricking the host user to execute a JavaScript to perform unauthorised functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

Patches are available for all issues.

VMware issued security advisories in mid-March for VMware Workstation Pro/Player and VMware Horizon.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop